The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies



Unobscured Vision

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

Article link | Bloomberg.com website

Oh dear. :no: 

Quote

The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.


ILLUSTRATOR: SCOTT GELBER FOR BLOOMBERG BUSINESSWEEK

 

By Jordan Robertson and Michael Riley


In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency. Elemental’s national security contracts weren’t the main reason for the proposed acquisition, but they fit nicely with Amazon’s government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA.

 

To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental’s security, according to one person familiar with the process. The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.

 

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design (emphasis added). Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

 

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China (emphasis added).

(....)

But that’s just what U.S. investigators found: The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army. In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies.

 

(read the rest of the story at the article link above -- Neowin posting rules prohibit quoting more of the story than this.)

/sigh .... 

 

Kinda figures it'd be something like this. :no: It's a safe bet people in Washington are gonna go grape ape over this one.

Obi-Wan Kenobi

Oh my goodness! I'm not surprised. Probably been going on since outsourcing all of our jobs. I wouldn't be surprised if every piece of electronic anything that comes from over there is somehow spying.

Unobscured Vision
8 hours ago, Obi-Wan Kenobi said:

Oh my goodness! I'm not surprised. Probably been going on since outsourcing all of our jobs. I wouldn't be surprised if every piece of electronic anything that comes from over there is somehow spying.

I've wondered about that very possibility for a long time -- could this development be related to the recent goings on concerning Huawei and ZTE, and we're just now being made privy to it? We knew China needed to be kept at arm's length, but this ... yeesh.

 

What do you think, @DocM

DocM

This chip manipulation and embedded malware issue has been going on for some time, same as IP theft and currency manipulations, but before the political will wasn't there to whack China betwixt the eyes with a baseball bat. Not a problem now.

 

This is where smashmouth diplomacy is 100% appropriate. Should have been done long ago.

Unobscured Vision

Yeah.

 

Reading an additional story on this matter and there are contradictions now -- from Apple and Amazon both. It's from the Washington Post, so of course they're going to run a counter-piece to refute anything that negatively impacts Amazon.

 

https://www.sciencealert.com/china-inserted-surveillance-microchip-in-servers-used-by-amazon-and-apple if anyone is interested.

Jim K

Yea, I would caution against the accuracy of the Bloomberg article before raising pitchforks any higher. Apple has strongly refuted the article.  tl:dr ... Apple doesn't know what Bloomberg is talking about. 

 

https://www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/

 

Quote

Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple. Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.

 

On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.

 

/snip

That is not a soft denial, or a "we're looking into this report" ... Apple is saying "Nope!"

cork1958

You get what you pay for and in this case, maybe even extra!

 

Dang Chinese s**t!! Can't say as I hadn't wondered about something like this for a long time though.

Unobscured Vision

If it is, then good. I'll be the first one to be pleased as punch over it being fake.

  • 5 weeks later...
FloatingFatMan

Y'know... You'd think that, for a tech forum, people on here would be a lot more savvy when it comes to rubbish like this.

 

Anyone that knows anything at all about electronics could tell you that that teeny tiny chip, and its location, wouldn't actually be capable of doing anything at all.

Unobscured Vision

You'd be surprised what can be done now.

 

That being said ... yeah. The evidence isn't really there the more this is being looked into.

tiagosilva29
1 hour ago, FloatingFatMan said:

Anyone that knows anything at all about electronics could tell you that that teeny tiny chip, and its location, wouldn't actually be capable of doing anything at all.

After discovering about The Thing, I began a ritual to wrap myself in tinfoil every morning, while humming "Neobond is love".

+Dick Montage
23 minutes ago, tiagosilva29 said:

Neobond is love

Keep drinking that Kool-ade, fanboi ;)

tiagosilva29
6 minutes ago, Human.Online said:

Keep drinking that Kool-ade, fanboi ;)

Neobond is love. Neobond is life.

This topic is now closed to further replies.